106 matches found
Siemens Energy Services
SUMMARY Energy Services from Siemens previously known as Managed Applications and Services, sell solutions using Elspec G5 devices that allows a person with physical access to the device to reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB...
CVE-2025-59392
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
EUVD-2025-38049
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
CVE-2025-59392
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
CVE-2025-59392
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
CVE-2025-59392
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
CVE-2025-59392
The CVE describes a vulnerability in Elspec G5 devices (versions up to and including 1.2.2.19) where a user with physical access can reset the Admin password by inserting a USB drive containing a publicly documented reset string. Root cause is physical access combined with USB-based reset data; i...
Elspec G5 安全漏洞
Elspec G5 is a multifunctional digital fault recorder from Elspec, Israel. A security vulnerability exists in Elspec G5 version 1.2.2.19 and earlier, which originates from a physical visitor being able to reset the administrator password by inserting a USB drive containing a specific string...
PT-2025-45256
Name of the Vulnerable Software and Affected Versions Elspec G5 versions through 1.2.2.19 Description A person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port. Recommendations Versions prior to...
CVE-2025-59392
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB port...
CVE-2024-22083
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks...
CVE-2024-22078
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...
CVE-2024-22085
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...
CVE-2024-22081
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism...
CVE-2024-22079
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism...
CVE-2024-22077
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions...
CVE-2024-22080
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing...
CVE-2024-22084
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files...
CVE-2024-22082
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system...
CVE-2024-46603
An XML External Entity XXE vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service DoS via a crafted XML payload...